Travel with a Surge Protecter

Because one power surge and the laptop / phone is fried. Plus we never back up as often as we should.

On car press launches we’d end up in some neat places that were old. And I’d watch fellow auto journalists plug their laptops into these 1960s outlets like, oh boy… Imagine having to make that call, “I’ll be missing the deadline because guess what…”

Blog tag = Physical Security (8)



Canada’s List of Accepted Proofs of Identity

This came in my mail, in regards to the upcoming election.

Note the last line under Section 2: “We accept e-statement and e-invoices. Print them or show on a mobile device”.

Some half-decent Photoshop skills can forge those…  like a prescription label, hospital bracelet, utility bill, or letter from a soup kitchen.

Or go for Option 3 … that doesn’t seem that difficult, through the use or force or not.

Okay I faked it and voted, now what?

Now I’m on the official voting list, that’s got to count towards some new pieces of ID, parlay parlay, and I’m on my way to creating a new fake person.

Hi, I’m Kara Porter.


PS – if you don’t vote on Monday, you’re a puke.



80% of Prox Card Readers are Now Vulnerable

A pair of security researchers introduced BLEKey at the 2015 Black Hat Security Conference.

It’s such a high percentage – 80% – because really, all proximity card readers are made by 1 of 2 companies. Actually, if you use one to get into work, I bet it’s a HID unit.

The BLEKey (Bluetooth low energy key) can be installed in 60 seconds by attaching it to the reader via 3 wires. Then, when paired with a mobile phone, this $10 device can open a proximity card protected door.

1 – Bluetooth

2 – processor

3 – where the 3 wires attach (2 data, 1 power)

4 – battery

Once in place, it can clone cards, remotely open the door, or disable the door entirely for 2 minutes after the attacker is through.

Business Owners:

At the conference, the pair threw 200 BLEKeys into the crowd, and made available both the code, and unit for sale; it’s now out there.

To protect your business, they suggest ensuring tamper detection is turned on, and make sure to monitor the logs for anomalies. Also monitor the camera by the door, to stop an attacker from installing one into your reader.


Add this to your kit. It could make the physical portion of your pentest smoother, especially since sensitive areas are often protected by prox cards.

Or use it to mess with the company’s logs.

Get the code here – GitHub

Here’s the are the guys behind BLEKey and the best part is… they’re Canadian! They also received the most cheers of all the presentations I attended.

Left is Eric Evenchick, and right is Mark Baseggio.

From Black Hat 2015

Blog tag = Black Hat